// Table "select" page, shown from the point where the selectable columns are collected.
// The listing (1) builds the SELECT parts from the request, (2) handles POST actions
// (export, bulk edit/clone/delete, inline modify, CSV import) and (3) prints the search
// form and the result grid.
// $TABLE, $fields, $indexes, $foreign_keys, $table_status, $rights, $error, $adminer,
// $connection and $driver are read here but not assigned anywhere in this listing.
// NOTE(review): the listing looks extraction-damaged. Markup inside string literals
// appears to be missing (many echo statements print only newlines or empty strings),
// and some statements appear out of order (marked below). Check against the upstream
// file before relying on exact output or statement order.
// NOTE(review): ereg() is used throughout; it was deprecated in PHP 5.3 and removed in
// PHP 7.0, so each call needs a preg_match() equivalent on current PHP.
// NOTE(review): the leading "0" on the next line looks like residue of a preceding line
// that was cut off; it is not valid PHP as shown.
0 $columns = array(); // selectable columns
$text_length = null;
foreach ($fields as $key => $field) {
	$name = $adminer->fieldName($field);
	// Only fields carrying the "select" privilege and a non-empty display name are offered.
	if (isset($field["privileges"]["select"]) && $name != "") {
		// The display name is reduced to plain text (tags stripped, entities decoded).
		$columns[$key] = html_entity_decode(strip_tags($name));
		if (ereg('text|blob', $field["type"])) {
			$text_length = $adminer->selectLengthProcess();
		}
	}
	// Accumulates the privilege keys of every field; $rights["insert"] is tested further down.
	$rights += $field["privileges"];
}

// SQL fragments for the listing. $select, $group, $where and $order are arrays of fragments
// returned by the $adminer->select*Process() methods and are joined into the statement with
// no further escaping in this listing, so those methods are the trust boundary for the
// request input they consume - presumably $_GET; verify.
list($select, $group) = $adminer->selectColumnsProcess($columns, $indexes);
$where = $adminer->selectSearchProcess($fields, $indexes);
$order = $adminer->selectOrderProcess($fields, $indexes);
$limit = $adminer->selectLimitProcess();
$from = ($select ? implode(", ", $select) : "*") . "\nFROM " . idf_escape($TABLE) . ($where ? "\nWHERE " . implode(" AND ", $where) : "");
$group_by = ($group && count($group) < count($select) ? "\nGROUP BY " . implode(", ", $group) : "") . ($order ? "\nORDER BY " . implode(", ", $order) : "");

// State-changing actions.
// NOTE(review): the only gate visible here is "$_POST is non-empty and $error is empty".
// No anti-CSRF token comparison appears in this listing; confirm that the code before it
// sets $error when the request token is missing or invalid.
if ($_POST && !$error) {
	// OR-joined row conditions built from the ticked checkboxes. $_POST["check"] is
	// request-controlled, so the safety of this string rests on where_check() (defined
	// elsewhere) - verify that it quotes values and escapes identifiers.
	$where_check = "(" . implode(") OR (", array_map('where_check', (array) $_POST["check"])) . ")";
	$primary = ($indexes["PRIMARY"] ? ($select ? array_flip($indexes["PRIMARY"]["columns"]) : array()) : null); // empty array means that all primary fields are selected
	foreach ($select as $key => $val) {
		// NOTE(review): $_GET["columns"][$key] is read without checking that it exists.
		$val = $_GET["columns"][$key];
		if (!$val["fun"]) {
			unset($primary[$val["col"]]);
		}
	}
	if ($_POST["export"]) {
		dump_headers($TABLE);
		dump_table($TABLE, "");
		if ($_POST["format"] != "sql") { // Editor doesn't send format
			$row = array_keys($fields);
			if ($select) {
				$row = array();
				foreach ($select as $val) {
					$row[] = (ereg('^`.*`$', $val) ? idf_unescape($val) : $val); //! columns looking like functions
				}
			}
			dump_csv($row);
		}
		// Either one statement (no ticked rows, or the whole primary key is selected so the
		// OR-joined condition identifies rows exactly) or one single-row SELECT per ticked row.
		if (!is_array($_POST["check"]) || $primary === array()) {
			dump_data($TABLE, "INSERT", "SELECT $from" . (is_array($_POST["check"]) ? ($where ? " AND " : " WHERE ") . "($where_check)" : "") . $group_by);
		} else {
			$union = array();
			foreach ($_POST["check"] as $val) {
				// where is not unique so OR can't be used
				$union[] = "(SELECT" . limit("$from " . ($where ? "AND " : "WHERE ") . where_check($val) . $group_by, 1) . ")";
			}
			dump_data($TABLE, "INSERT", implode(" UNION ALL ", $union));
		}
		// The export is the whole response; nothing below runs.
		exit;
	}
	if (!$adminer->selectEmailProcess($where, $foreign_keys)) {
		if ($_POST["save"]) { // edit
			// Bulk UPDATE / DELETE / clone (INSERT ... SELECT) of the ticked rows or the whole result.
			$result = true;
			$affected = 0;
			$query = idf_escape($TABLE);
			$set = array();
			if (!$_POST["delete"]) {
				// $columns holds only fields with the "select" privilege (see the first loop), so
				// write privileges are not checked here, as the author's note below records. That
				// leaves the database server as the only layer rejecting unprivileged column writes.
				foreach ($columns as $name => $val) { //! should check also for edit or insert privileges
					// process_input() is defined elsewhere. Judging by the comparisons below it returns
					// an SQL expression, null to skip the field, or false to keep the stored value -
					// verify, and verify that the expression is already quoted, because it is embedded
					// into the statement as-is.
					$val = process_input($fields[$name]);
					if ($val !== null) {
						if ($_POST["clone"]) {
							$set[idf_escape($name)] = ($val !== false ? $val : idf_escape($name));
						} elseif ($val !== false) {
							$set[] = idf_escape($name) . " = $val";
						}
					}
				}
				$query .= ($_POST["clone"] ? " (" . implode(", ", array_keys($set)) . ")\nSELECT " . implode(", ", $set) . "\nFROM " . idf_escape($TABLE) : " SET\n" . implode(",\n", $set));
			}
			if ($_POST["delete"] || $set) {
				$command = "UPDATE";
				if ($_POST["delete"]) {
					$command = "DELETE";
					$query = "FROM $query";
				}
				if ($_POST["clone"]) {
					$command = "INSERT";
					$query = "INTO $query";
				}
				// With "all" set, the statement covers every row matching the current search; with no
				// search active it has no WHERE clause at all.
				if ($_POST["all"] || ($primary === array() && $_POST["check"]) || count($group) < count($select)) {
					$result = queries($command . " $query" . ($_POST["all"] ? ($where ? "\nWHERE " . implode(" AND ", $where) : "") : "\nWHERE $where_check"));
					$affected = $connection->affected_rows;
				} else {
					foreach ((array) $_POST["check"] as $val) {
						// where is not unique so OR can't be used
						$result = queries($command . limit1($query . "\nWHERE " . where_check($val)));
						if (!$result) {
							break;
						}
						$affected += $connection->affected_rows;
					}
				}
			}
			queries_redirect(remove_from_uri("page"), lang('%d item(s) have been affected.', $affected), $result);
			//! display edit page in case of an error
		} elseif (!$_POST["import"]) { // modify
			// Inline cell edits: $_POST["val"] maps a row identifier to column => new value.
			// NOTE(review): unlike $_POST["check"], this is iterated without an (array) cast, so a
			// POST carrying none of "save", "import" or "val" raises a warning in the foreach.
			$result = true;
			$affected = 0;
			foreach ($_POST["val"] as $unique_idf => $row) {
				$set = array();
				foreach ($row as $key => $val) {
					// The column name comes from the request. It goes through idf_escape() and the value
					// through $connection->quote(), but the name is not checked against $columns or
					// $fields here.
					$key = bracket_escape($key, 1); // 1 - back
					$set[] = idf_escape($key) . " = " . $connection->quote($adminer->editVal($val, $fields[$key]));
				}
				$result = queries("UPDATE" . limit1(idf_escape($TABLE) . " SET " . implode(", ", $set) . " WHERE " . where_check($unique_idf) . ($where ? " AND " . implode(" AND ", $where) : ""))); // can change row on a different page without unique key
				if (!$result) {
					break;
				}
				$affected += $connection->affected_rows;
			}
			queries_redirect(remove_from_uri(), lang('%d item(s) have been affected.', $affected), $result);
		} elseif (is_string($file = get_file("csv_file", true))) {
			// CSV import of an uploaded file, row by row inside one transaction.
			$file = preg_replace("~^\xEF\xBB\xBF~", '', $file); //! character set
			$result = true;
			$cols = array_keys($fields);
			preg_match_all('~(?>"[^"]*"|[^"\\r\\n]+)+~', $file, $matches);
			$affected = count($matches[0]);
			begin();
			// The separator is pinned to "," or ";" by this comparison, so interpolating it into
			// the pattern below cannot introduce request-controlled regex syntax.
			$separator = ($_POST["separator"] == "csv" ? "," : ";");
			foreach ($matches[0] as $key => $val) {
				preg_match_all("~((\"[^\"]*\")+|[^$separator]*)$separator~", $val . $separator, $matches2);
				// The first row is taken as a header only when every cell is an existing column name.
				if (!$key && !array_diff($matches2[1], $cols)) { //! doesn't work with column names containing ",\n
					// first row corresponds to column names - use it for table structure
					$cols = $matches2[1];
					$affected--;
				} else {
					$set = "";
					// Cell values are unquoted from CSV and passed through $connection->quote().
					// NOTE(review): a data row with more cells than $cols reads an undefined $cols[$i].
					foreach ($matches2[1] as $i => $col) {
						$set .= ", " . idf_escape($cols[$i]) . " = " . ($col == "" && $fields[$cols[$i]]["null"] ? "NULL" : $connection->quote(str_replace('""', '"', preg_replace('~^"|"$~', '', $col))));
					}
					$set = substr($set, 1);
					// Upsert: existing rows with the same key are overwritten by the uploaded values.
					// The table name is read from $_GET["select"] here rather than $TABLE - presumably
					// the same value; verify.
					$result = queries("INSERT INTO " . idf_escape($_GET["select"]) . " SET$set ON DUPLICATE KEY UPDATE$set");
					if (!$result) {
						break;
					}
				}
			}
			if ($result) {
				queries("COMMIT");
			}
			queries_redirect(remove_from_uri("page"), lang('%d row(s) have been imported.', $affected), $result);
			// Reached only if queries_redirect() returns - presumably on failure; verify.
			queries("ROLLBACK");
		} else {
			$error = upload_error($file);
		}
	}
}

$table_name = $adminer->tableName($table_status);
page_header(lang('Select') . ": $table_name", $error);
// Closes the session for writing before the queries below run.
session_write_close();

// Pre-filled "set[...]" query string for the new-item link, derived from the active search
// filters. Both the column name and the value are URL-encoded.
$set = null;
if (isset($rights["insert"])) {
	$set = "";
	foreach ((array) $_GET["where"] as $val) {
		if (count($foreign_keys[$val["col"]]) == 1 && ($val["op"] == "="
			|| (!$val["op"] && !ereg('[_%]', $val["val"])) // LIKE in Editor
		)) {
			$set .= "&set" . urlencode("[" . bracket_escape($val["col"]) . "]") . "=" . urlencode($val["val"]);
		}
	}
}
$adminer->selectLinks($table_status, $set);

if (!$columns) {
	// NOTE(review): error() is printed unescaped here unless it escapes internally - verify.
	echo "

" . lang('Unable to select the table') . ($fields ? "." : ": " . error()) . "\n";
} else {
	echo "

\n";
	echo "
";
	hidden_fields_get();
	echo (DB != "" ? '' : ""); // not used in Editor
	echo '';
	echo "
\n";
	$adminer->selectColumnsPrint($select, $columns);
	$adminer->selectSearchPrint($where, $columns, $indexes);
	$adminer->selectOrderPrint($order, $columns, $indexes);
	$adminer->selectLimitPrint($limit);
	$adminer->selectLengthPrint($text_length);
	$adminer->selectActionPrint($text_length);
	echo "
\n";
	
	// $page comes straight from the query string and is only ever used in arithmetic or
	// compared with "last" below.
	// NOTE(review): there is no intval() or range check, so a negative value reaches limit()
	// as a negative offset, and page=last divides by $limit, which may be empty or 0.
	$page = $_GET["page"];
	if ($page == "last") {
		$found_rows = $connection->result("SELECT COUNT(*) FROM " . idf_escape($TABLE) . ($where ? " WHERE " . implode(" AND ", $where) : ""));
		$page = floor(($found_rows - 1) / $limit);
	}
	$query = "SELECT" . limit((intval($limit) && $group && count($group) < count($select) && $driver == "sql" ? "SQL_CALC_FOUND_ROWS " : "") . $from . $group_by, ($limit != "" ? intval($limit) : null), ($page ? $limit * $page : 0), "\n");
	echo $adminer->selectQuery($query);
	
	$result = $connection->query($query);
	if (!$result) {
		echo "

" . error() . "\n";
	} else {
		if ($driver == "mssql") {
			$result->seek($limit * $page);
		}
		$email_fields = array();
		echo "

\n";
		// The whole page of rows is buffered in memory before rendering.
		$rows = array();
		while ($row = $result->fetch_assoc()) {
			$rows[] = $row;
		}
		// use count($rows) without LIMIT, COUNT(*) without grouping, FOUND_ROWS otherwise (slowest)
		if ($_GET["page"] != "last") {
			$found_rows = (intval($limit) && $group && count($group) < count($select)
				? ($driver == "sql" ? $connection->result(" SELECT FOUND_ROWS()") : $connection->result("SELECT COUNT(*) FROM ($query) x")) // space to allow mysql.trace_mode
				: count($rows)
			);
		}
		
		if (!$rows) {
			echo "

" . lang('No rows.') . "\n";
		} else {
			$backward_keys = $adminer->backwardKeys($TABLE, $table_name);
			echo "\n";
			echo "\n";
			// NOTE(review): from here to the end of this else-branch the statements appear to be
			// out of order (probably an extraction artefact). The row loop below closes before the
			// header and cell code that still reads $n, $row, $unique_idf and $unique_array.
			// Tokens are kept in the order shown.
			foreach ($adminer->rowDescriptions($rows, $foreign_keys) as $n => $row) {
				// Row identifier as a URL-encoded "where[col]=value" list; NULL key values are
				// sent as "null[]=col". It is reused as the checkbox value and in edit links.
				$unique_array = unique_array($rows[$n], $indexes);
				$unique_idf = "";
				foreach ($unique_array as $key => $val) {
					$unique_idf .= "&" . (isset($val) ? urlencode("where[" . bracket_escape($key) . "]") . "=" . urlencode($val) : "null%5B%5D=" . urlencode($key));
				}
				echo "\n"; // close to allow white-space: pre
			}
			echo "
" . lang('edit') . "";
			// Header cells: one per result column, labelled with the field name and any SQL function.
			$names = array();
			$functions = array();
			reset($select);
			$order = 1;
			foreach ($rows[0] as $key => $val) {
				$val = $_GET["columns"][key($select)];
				$field = $fields[$select ? $val["col"] : $key];
				$name = ($field ? $adminer->fieldName($field, $order) : "*");
				if ($name != "") {
					$order++;
					$names[$key] = $name;
					// NOTE(review): $val["fun"] comes from $_GET["columns"]; whether the result is safe
					// to print depends on apply_sql_function() (defined elsewhere) - verify it only
					// emits known function names or escapes its input.
					echo '' . apply_sql_function($val["fun"], $name) . ""; //! columns looking like functions
				}
				$functions[$key] = $val["fun"];
				next($select);
			}
			// Longest value per column, capped at 40; filled only in modify mode.
			$lengths = array();
			if ($_GET["modify"]) {
				foreach ($rows as $row) {
					foreach ($row as $key => $val) {
						$lengths[$key] = max($lengths[$key], min(40, strlen(utf8_decode($val))));
					}
				}
			}
			echo ($backward_keys ? "" . lang('Relations') : "") . "
" . checkbox("check[]", substr($unique_idf, 1), in_array(substr($unique_idf, 1), (array) $_POST["check"]), "", "this.form['all'].checked = false; formUncheck('all-page');") . (count($select) != count($group) || information_schema(DB) ? '' : " " . lang('edit') . "");
			// Data cells. Each value is made safe for HTML before printing: h() on the plain path,
			// shorten_utf8() on long text (presumably escaping as well - verify).
			foreach ($row as $key => $val) {
				if (isset($names[$key])) {
					$field = $fields[$key];
					if ($val != "" && (!isset($email_fields[$key]) || $email_fields[$key] != "")) {
						$email_fields[$key] = (is_email($val) ? $names[$key] : ""); //! filled e-mails can be contained on other pages
					}
					$link = "";
					$val = $adminer->editVal($val, $field);
					if (!isset($val)) {
						$val = "NULL";
					} else {
						if (ereg('binary|blob|bytea', $field["type"]) && $val != "") {
							// Binary columns link to a download action instead of printing the value.
							$link = h(ME . 'download=' . urlencode($TABLE) . '&field=' . urlencode($key) . $unique_idf);
						}
						if ($val == "") {
							$val = " ";
						} elseif ($text_length != "" && ereg('text|blob', $field["type"]) && is_utf8($val)) {
							$val = shorten_utf8($val, max(0, intval($text_length))); // usage of LEFT() would reduce traffic but complicate query - expected average speedup: .001 s VS .01 s on local network
						} else {
							$val = h($val);
						}
						
						if (!$link) { // link related items
							foreach ((array) $foreign_keys[$key] as $foreign_key) {
								if (count($foreign_keys[$key]) == 1 || count($foreign_key["source"]) == 1) {
									foreach ($foreign_key["source"] as $i => $source) {
										$link .= where_link($i, $foreign_key["target"][$i], $rows[$n][$source]);
									}
									// The database and table names are URL-encoded and the finished link is
									// HTML-escaped.
									$link = h(($foreign_key["db"] != "" ? preg_replace('~([?&]db=)[^&]+~', '\\1' . urlencode($foreign_key["db"]), ME) : ME) . 'select=' . urlencode($foreign_key["table"]) . $link); // InnoDB supports non-UNIQUE keys
									break;
								}
							}
						}
						if ($key == "COUNT(*)") { //! columns looking like functions
							$link = h(ME . "select=" . urlencode($TABLE));
							$i = 0;
							foreach ((array) $_GET["where"] as $v) {
								if (!array_key_exists($v["col"], $unique_array)) {
									$link .= h(where_link($i++, $v["col"], $v["val"], urlencode($v["op"])));
								}
							}
							foreach ($unique_array as $k => $v) {
								$link .= h(where_link($i++, $k, $v, (isset($v) ? "=" : "IS NULL")));
							}
						}
					}
					if (!$link && is_email($val)) {
						$link = "mailto:$val";
					}
					if (!$link && is_url($row[$key])) {
						// NOTE(review): following this link sends the stored URL to a third-party host as a
						// query parameter over plain http. The author's comment below already names
						// rel="noreferrer" as the replacement, which avoids that disclosure.
						$link = "http://www.adminer.org/redirect/?url=" . urlencode($row[$key]); // intermediate page to hide Referer, may be changed to rel="noreferrer" in HTML5
					}
					// Inline-edit state: the field name and the posted or stored value, both HTML-escaped.
					// $id and $h_value are not used in the echo as shown; presumably they were
					// interpolated in markup that is missing from this listing.
					$id = h("val[$unique_idf][" . bracket_escape($key) . "]");
					$value = $_POST["val"][$unique_idf][bracket_escape($key)];
					$h_value = h(isset($value) ? $value : $row[$key]);
					$long = strpos($val, "...");
					// A cell is editable in place only when it is valid UTF-8, not shortened, unchanged
					// by rowDescriptions() and not the result of an SQL function.
					$editable = is_utf8($val) && !$long && $rows[$n][$key] == $row[$key] && !$functions[$key];
					$text = ereg('text|blob', $field["type"]);
					echo (($_GET["modify"] && $editable) || isset($value)
						? "" . ($text ? "" : "")
						: "" . $adminer->selectVal($val, $link, $field)
					);
				}
			}
			$adminer->backwardKeysPrint($backward_keys, $rows[$n]);
			echo "
\n";
		}
		
		// The export preferences cookie is client-controlled. parse_str() is given a target
		// array, so the cookie cannot create variables in this scope; its values are passed on
		// to dumpOutput(), dumpFormat() and html_select() below.
		parse_str($_COOKIE["adminer_export"], $adminer_export);
		if ($rows || $page) {
			$exact_count = true;
			if ($_GET["page"] != "last" && intval($limit) && count($group) >= count($select) && ($found_rows >= $limit || $page)) {
				// Start from the row count in the table status and run an exact COUNT(*) only when
				// the conditions below hold; otherwise the total is shown as approximate.
				$found_rows = $table_status["Rows"];
				if (!isset($found_rows) || $where || 2 * $page * $limit > $found_rows || ($table_status["Engine"] == "InnoDB" && $found_rows < 1e4)) {
					// slow with big tables
					// Output produced so far is flushed to the client before the count query runs.
					ob_flush();
					flush();
					$found_rows = $connection->result("SELECT COUNT(*) FROM " . idf_escape($TABLE) . ($where ? " WHERE " . implode(" AND ", $where) : ""));
				} else {
					$exact_count = false;
				}
			}
			echo "

";
			if (intval($limit) && $found_rows > $limit) {
				// display first, previous 4, next 4 and last page
				$max_page = floor(($found_rows - 1) / $limit);
				echo lang('Page') . ":" . pagination(0, $page) . ($page > 5 ? " ..." : "");
				for ($i = max(1, $page - 4); $i < min($max_page, $page + 5); $i++) {
					echo pagination($i, $page);
				}
				echo ($page + 5 < $max_page ? " ..." : "") . ($exact_count ? pagination($max_page, $page) : ' ' . lang('last') . "");
			}
			echo " (" . ($exact_count ? "" : "~ ") . lang('%d row(s)', $found_rows) . ") " . checkbox("all", 1, 0, lang('whole result')) . "\n";
			
			// NOTE(review): after the closing tag below, the inline markup and the tag that reopens
			// PHP appear to be missing; only an attribute fragment and the tail of a method call
			// remain. The statements that follow are kept as shown. Any hidden form fields (for
			// example a request token) would have been in that markup, so their presence cannot be
			// confirmed from this listing.
			if (!information_schema(DB)) {
				?>

onclick="if (!selectDblClicked) { alert(''); return false; };">
dumpOutput(1, $adminer_export["output"]) . " " . $adminer->dumpFormat(1, $adminer_export["format"]); // 1 - select
			echo " \n";
			echo "\n";
		}
		print_fieldset("import", lang('CSV Import'), !$result->num_rows);
		echo " ";
		echo html_select("separator", array("csv" => "CSV,", "csv;" => "CSV;"), $adminer_export["format"], 1); // 1 - select
		echo " \n";
		echo "\n";
		
		$adminer->selectEmailPrint(array_filter($email_fields, 'strlen'), $columns);
		echo "
\n";
	}
}